Insider's intentional misbehaviours without the malicious intent to harm and security workarounds are emerging issues in information security behavioural field. To mitigate these insider's threats, prior research has been confirming many contributing factors of misbehaviours by focusing much on the cognition of employees as individual beings. Consequently, these studies' practical values are inevitably limited by the assumptions of their focus on individuals, which overlook the dynamic exchanges between organisational entities and collectives. From reviewing prior information security behavioural research and detecting their limitations, this paper introduces and proposes social network research as a new approach that would complement to the current body of knowledge. As a result, we discuss the potential directions of social network research and provide some potential research ideas that could be investigated using social network analysis techniques.
Available at: http://works.bepress.com/siddhi/30/